My address book has been spammed with apparent phishing email

Discussion in 'Malware Help (A Specialist Will Reply)' started by fiveolddogs, Feb 5, 2015.

  1. fiveolddogs

    fiveolddogs Private E-2

    Everyone in my address book (Gmail) has been sent an email (apparently) from me entitled "Re: Good Morning" which includes the text:

    i've sent you the details of the Document

    and a link titled "View PDF". This link shows the Google Drive banner and requests email address, phone number, and password.

    Looking at my Gmail sent folder, I see no such outgoing email. I don't know how this happened. My concern is that rogue software on my PC either sent out the phishing emails or grabbed my Gmail credentials.

    I have run CCleaner, RogueKiller, Malwarebytes Anti-Malware, TDSSKiller, HitmanPro, and MGtools according to the instructions on this site.

    I have attached the log files to this post.
     

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there, I am reviewing those logs and will get back to you with a response in a few moments. :)
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Can you re-run Malwarebytes please, let it fix anything it finds and attach the CORRECT log for it. Thanks.


    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c} -> Found
    • [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} -> Found
    • [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625} -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c} -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625} -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | FromDocToPDF Home Page Guard 64 bit : "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe" -> Found
    • [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | FromDocToPDF Search Scope Monitor : "C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FromDocToPDF_65Service (C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe) -> Found
    • [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FromDocToPDF_65Service (C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe) -> Found
    • [PUP.Ask?PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-653373433-2252124362-1593081999-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^Y6^xdm003^S08985^us&ptb=A43E3AD3-34B0-4263-8AA9-B1098B4C09ED&si=COrNm6P4nL0CFa9cMgodBGYAUA -> Found
    • [PUP.Ask?PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-653373433-2252124362-1593081999-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^Y6^xdm003^S08985^us&ptb=A43E3AD3-34B0-4263-8AA9-B1098B4C09ED&si=COrNm6P4nL0CFa9cMgodBGYAUA -> Found

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.

    ...and the same for this entry on the "Web Browsers" tab please...

    • [PUP][FIREFX:Addon] uyky6xaw.default : FromDocToPDF [65ffxtbr@FromDocToPDF_65.com] -> Found
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.


    Now re-run HitmanPro and let it remove what it sees.



    • Re-run RogueKiller and attach log.
    • Same for Hitman.
    • Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
    • Let me know of any problems you may have encountered with the above instructions and also let me know how things are running!
     
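The detections quoted in the post above are one record per persistence mechanism (COM class, BHO, Run key, service, IE start page, Firefox add-on), and every executable they reference lives under the same directory. As an added example, not code from the thread, from MajorGeeks or from RogueKiller, the Python below parses lines in that format into structured records, groups them by mechanism, and collects the directories the Run keys and service point to, so after the fix one can check that no surviving entry still references that path. The line grammar is inferred only from the seven quoted lines, and the mechanism labels are this example's own; the sample input is the quoted detections, embedded here as a constructed report.

```python
"""Parse RogueKiller-style detection lines and group them by persistence mechanism.

Added example, not from the thread or from RogueKiller.  The grammar below is
reconstructed from the lines quoted in the post; field and mechanism names are
this example's own assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: the detection lines quoted in the post above.
SAMPLE_REPORT = r"""
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | FromDocToPDF Home Page Guard 64 bit : "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe" -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | FromDocToPDF Search Scope Monitor : "C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FromDocToPDF_65Service (C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe) -> Found
[PUP.Ask?PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-653373433-2252124362-1593081999-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^Y6^xdm003^S08985^us&ptb=A43E3AD3-34B0-4263-8AA9-B1098B4C09ED&si=COrNm6P4nL0CFa9cMgodBGYAUA -> Found
[PUP][FIREFX:Addon] uyky6xaw.default : FromDocToPDF [65ffxtbr@FromDocToPDF_65.com] -> Found
"""

LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]*\])+)\s*"        # one or more [TAG] groups
    r"(?:\((?P<arch>X64|X86)\)\s*)?"        # optional registry view
    r"(?P<body>.+?)\s*->\s*(?P<status>\w+)$"  # payload, then "-> Found"
)
# Quoted path with possible spaces, or an unquoted path without spaces.
EXE_RE = re.compile(r'"(?P<q>[^"]*?\.exe)"|(?P<u>[A-Za-z]:\\\S*?\.exe)', re.IGNORECASE)


def classify(tags, key, name):
    """Map a detection to the persistence mechanism it uses (labels are ours)."""
    k = key.lower()
    if any(t.startswith("FIREFX") for t in tags):
        return "firefox-addon"
    if "\\browser helper objects\\" in k:
        return "ie-bho"
    if "\\services\\" in k:
        return "service"
    if k.endswith("\\run") or k.endswith("\\runonce"):
        return "run-key"
    if name and name.lower() == "start page":
        return "ie-homepage"
    if "\\clsid\\" in k:
        return "com-class"
    return "other"


def parse_line(line):
    """Return a record dict for one detection line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tags = re.findall(r"\[([^\]]*)\]", m.group("tags"))
    body = m.group("body")
    key, name, data = body, None, None
    if " | " in body:                               # "key | value name : data"
        key, rest = body.split(" | ", 1)
        name, data = rest.split(" : ", 1) if " : " in rest else (rest, None)
    elif body.endswith(")") and " (" in body:       # "service key (image path)"
        key, data = body.rsplit(" (", 1)
        data = data[:-1]
    elif any(t.startswith("FIREFX") for t in tags) and " : " in body:
        key, data = body.split(" : ", 1)            # "profile : addon [id]"
    exe = EXE_RE.search(data or "")
    return {
        "tags": tags, "arch": m.group("arch"), "status": m.group("status"),
        "key": key, "name": name, "data": data,
        "exe": (exe.group("q") or exe.group("u")) if exe else None,
        "mechanism": classify(tags, key, name),
    }


def parse_report(text):
    """All detections whose status is 'Found'."""
    recs = (parse_line(l) for l in text.splitlines())
    return [r for r in recs if r and r["status"].lower() == "found"]


def by_mechanism(records):
    groups = defaultdict(list)
    for r in records:
        groups[r["mechanism"]].append(r)
    return dict(groups)


def install_dirs(records):
    """Directories referenced by any executable in the report (lower-cased)."""
    return {r["exe"].rsplit("\\", 1)[0].lower() for r in records if r["exe"]}


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for mech, items in sorted(by_mechanism(recs).items()):
        print(f"{mech}: {len(items)}")
        for r in items:
            print(f"   {r['key']}" + (f"  ->  {r['exe']}" if r["exe"] else ""))
    print("install directories:", sorted(install_dirs(recs)))
```

Run against the quoted lines it reports three COM/BHO registrations, two Run entries, one service, one IE start page and one Firefox add-on, all three executables resolving to the same `C:\PROGRA~2\FROMDO~2\bar\1.bin` directory; the same parser can be pointed at the follow-up RKreport to confirm those mechanisms no longer appear.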
